Skip to main content
Version: 1.27.2

Cilium

Cilium is an open source, cloud native solution for providing, securing, and observing network connectivity between workloads, fueled by the revolutionary Kernel technology eBPF.

For more information about Cilium refer to cilium documentation

The deployment of Cilium consists of a DaemonSet running on all nodes, and a operator Deployment. Additionally, we deploy hubble component as an observability tool on the network connections between pods in the cluster.

⚠️ please notice that the Cilium package is for cluster with less than 200 nodes.

Image repository and tag

  • cilium images:
    • registry.sighup.io/fury/cilium/cilium:v1.14.3
    • registry.sighup.io/fury/cilium/operator-generic:v1.14.3
    • registry.sighup.io/fury/cilium/hubble-ui-backend:v0.12.1
    • registry.sighup.io/fury/cilium/hubble-ui:v0.12.1
    • registry.sighup.io/fury/cilium/hubble-relay:v1.14.3

Requirements

Configuration

The Cilium package is deployed with the following configuration:

  • Cilium configured in IPAM Cluster Scope The default one
  • Default pod CIDR: 10.0.0.0/8
  • Default netmask per node: 24

⚠️ Make sure to change the Default pod CIDR if it's conflicting with your network otherwise if your node network is in the same range you will lose connectivity to other nodes.

To change the default pod CIDR you can use the following kustomize patch:

kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: kube-system

configMapGenerator:
  - name: cilium-config
    behavior: merge
    namespace: kube-system
    envs:
      - patches/cilium-cidr.env

patches/cilium-cidr.env

cluster-pool-ipv4-cidr=10.100.0.0/8
cluster-pool-ipv4-mask-size=24

:info: The CIDR used by Cilium can be different than the one used by Kubeadm.

Deployment

You can deploy Cilium by running the following command in the root of this package:

kustomize build . | kubectl apply -f -

If you want to install Cilium without hubble, use the following command from the root of this package:

kustomize build core | kubectl apply -f -